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Remarks 

This Application has been carefully reviewed in light of the Office Action mailed 
August 23, 2004. Applicants appreciate the Examiner's consideration of the Application. 
Applicants have made clarifying amendments to Claims 1-3, 7, and 9, and have canceled 
Claims 4-5 without prejudice or disclaimer. Certain of these amendments are not considered 
narrowing or necessary for patentability. Applicants have also added new Claims 10-47, 
none of which add any new matter. Applicants respectfully request reconsideration and 
allowance of all pending claims, and consideration and allowance of all new claims. 

L Information Disclosure Statement 

Applicants mailed Information Disclosure Statements (IDSs) and accompanying 
PTO-1449 forms on July 18, 2001 and January 8, 2002, but the submitted references were 
not indicated as considered by the Examiner in this Office Action. Additionally, Applicants 
mailed a Request for Consideration of an Information Disclosure Statement Timely Filed on 
September 17, 2004. Applicants respectfully request the Examiner to indicate consideration 
of the submitted references by initialing next to each reference on the PTO-1449 forms. For 
the Examiner's convenience, copies of the IDSs and PTO-1449 forms are attached to this 
Response. 

II. Applicants' Claims are Allowable over the Proposed Glasser-PAG Combination 

The Examiner rejects Claims 1-9 under 35 U.S.C. § 103(a) as being unpatentable over 
U.S. Patent 5,956,715 to Glasser, et ah ("Glasser") in view of "Purveyor Administrator's 
Guide" C'PAG"). Applicants respectfully disagree and discuss independent Claim 1 as an 
example. 

At a minimum, neither Glasser nor PAG, whether considered alone or in 
combination, disclose, teach, or suggest the following limitations recited in Claim 1, as 
amended: 

• a plurality of roles defining user rights to access one or more of the plurality 
of assets, each member associated with at least one role; 

• at least one domain being an administrative and access control boundary 
around a plurality of security entities, the security entities of the at least one 
domain comprising; 

a subset of the plurality of assets and the access control lists 
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corresponding to the assets in the subset of the assets; 
a subset of the plurality of roles; and 
a subset of the members; 
o each privilege defined in the access control lists of the at least one domain 

identifying one or more roles in the domain that may access the asset 

corresponding to the privilege; 
o the security system operable to authorize a particular member to perform a 

requested operation with respect to a requested asset within the domain 

when the particular member is associated with a role, in the domain, 

corresponding to a privilege for the requested asset. 

For example, Glasser fails to disclose, teach, or suggest "a plurality of roles defining 
user rights to access one or more of the plurality of assets, each member associated with at 
least one role," as recited in Claim 1 as amended. The Examiner apparently equates the list 
of user groups disclosed in Glasser with the "plurality of roles" recited in Claim 1 . (See 
Office Action, Page 2; Glasser, Column 5, Line 58) Applicants respectfully submit that this 
equation is improper. For example, a role does not necessarily require a group of users. A 
role could be assigned to a single user or a group of users. Indeed, Applicants' Specification 
even describes groups 32 and roles 34 as distinct entities in the example system described in 
the Specification. (See Specification, Pages 8 and 18-19) Thus, while Glasser discloses lists 
of user groups, Glasser fails to disclose, teach, or suggest "a plurality of roles defining user 
rights to access one or more of the plurality of assets, each member associated with at least 
one role," as recited in Claim 1 as amended. PAG fails to account for this deficiency of 
Glasser. 

As another example, neither Glasser nor PAG discloses, teaches, or suggests the "at 
least one domain," as recited in Claim 1. The Examiner apparently acknowledges that 
Glasser fails to teach the at least one domain recited in Claim 1 . (See Office Action, Page 3) 
However, the Examiner argues that PAG does teach this limitation, stating that Glasser "does 
not teach for the network to comprise the Internet which uses resources on many domains. 
PAG teaches an access control system for use on Internet servers using access control lists 
and restricting by domain." (Office Action, Page 3, citations omitted) As disclosing this at 
least one domain (as recited in Claim 1 prior to the amendments presented in this Response), 
the Examiner references PAG's disclosure that access can be controlled based upon the 
client's IP address. (See Office Action, Page 3; PAG, Page 1, Line 9) Applicants respectfully 



DAU) 1:824332 



ATTORNEY DOCKET NO. 
020431.0971 



17 



PATENT APPLICATION 
USSN 09/800,168 



submit that the mere disclosure in PAG that access can be controlled based upon a client's IP 
address fails to disclose, teach, or suggest the "at least one domain," as recited in Claim 1 . In 
particular, restricting access based on a client's IP address fails to disclose, teach, or suggest 
"at least one domain being an administrative and access control boundary around a plurality 
of security entities, the security entities of the at least one domain comprising: a subset of the 
plurality of assets and the access control lists corresponding to the assets in the subset of the 
assets; a subset of the plurality of roles; and a subset of the members," as recited in Claim 1 
as amended. 

As another example, at least because Glasser and PAG fail to disclose, teach, or 
suggest the "at least one domain," as recited in Claim 1, both Glasser and PAG necessarily 
fail to disclose, teach, or suggest "each privilege defined in the access control lists of the at 
least one domain identifying one or more roles in the domain that may access the asset 
corresponding to the privilege" and "the security system operable to authorize a particular 
member to perform a requested operation with respect to a requested asset within the domain 
when the particular member is associated with a role, in the domain, corresponding to a 
privilege for the requested asset," as recited in Claim 1 as amended. 

Moreover, Applicants do not admit that it is possible to combine Glasser and PAG in 
the manner proposed by the Examiner or that the Examiner has shown the requisite teaching, 
suggestion, or motivation in the cited references to combine or modify the Glasser and PAG 
in the manner proposed by the Examiner, 

For at least these reasons, Applicants respectfully request reconsideration and 
allowance of independent Claim 1 and its dependent claims. For substantially similar 
reasons, Applicants respectfully request reconsideration and allowance of independent Claim 
7 and its dependent claims. 

IIL New Claims 10-47 are AJlowabtc 

In addition to being dependent on allowable independent claims, new Claims 10-21 
(which depend from independent Claim 1) and new Claims 22-33 (which depend from 
independent Claim 7) recite further patentable distinctions over the prior art of record. To 
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avoid burdening the record and in view of the clear allowability of independent Claims 1 and 
7, Applicants do not discuss these distinctions in this Response. However, Applicants 
reserve the right to discuss these distinctions in a future Response or on Appeal, if 
appropriate. Furthermore, new Claims 34-47 are directed to software and are allowable for at 
least the same reasons discussed above with reference to Claims 1-3 and 6 and new Claims 
10-21 (which Applicants have shown to be allowable). 

IV. No Waiver 

All of Applicants' arguments and amendments are without prejudice or disclaimer. 
Additionally, Applicants have merely discussed example distinctions from the references cited 
by the Examiner. Other distinctions may exist, and Applicants reserve the right to discuss these 
additional distinctions in a future Response or on Appeal, if appropriate. By not responding to 
additional statements made by the Examiner, Applicants do not acquiesce to the Examiner's 
additional statements. The example distinctions discussed by Applicants are sufficient to 
overcome the Examiner's rejections. 
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C nctosion 



Applicants have made an earnest attempt to place this case in condition for allowance. 



For at least the foregoing reasons, Applicants respectfully request full allowance of all pending 
claims. 

If the Examiner believes a telephone conference would advance prosecution of this case 
in any way, the Examiner is invited to contact Christopher W. Kennedy, Attorney for 
Applicants, at the Examiner's convenience at (214) 953-6812, 

The Commissioner is hereby authorized to charge the amount of $450.00 to Deposit 
Account No. 02-0384 of Baker Botts L.L.P. to cover the cost of twenty-five new claims total 
over twenty. Although Applicants believe no other fees are due, the Commissioner is hereby 
authorized to charge any other fees or credit any overpayments to Deposit Account No. 02-0384 
of Baker Botts L.L.P. 



Respectfully submitted, 



BAKER BOTTS L.L.P. 
Attorneys for Applicants 




Christopher W. Kennedy 
Reg. No. 40,675 



Date: November 23, 2004 
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